ClearPass only blocking some phones
05-10-2016 05:52 PM
Hi. We are a K-12 school district in NC that has had ClearPass recently setup by our Aruba vendor. A big reason we purchased ClearPass was to block student phones from our network. Rules and roles were created by our vendors engineer to accomplish this with DHCP fingerprinting. The device type is profiled (Smart Device; Apple iPhone, Samsung Android, etc) and rules are created to send these devices to a blocked phone role. A Deny_Device role is setup on the IAP virtual controller to deny all services to any iPhone or Android phone. In our testing lab we saw this successfully work and saw that phones from multiple vendors were in fact blocked. We began rolling this out to one of our middle schools this week and are finding that some iPhone and Android phones can connect, get a valid IP and get out to the internet and get a role that allows them on the network while other phones get the deny_device role, get an invalid IP and are blocked like they should be. Can anyone lend any assistance as to why some phones are blocked and some are not? Thank you.